package com.ylfstu.jdbc.preparedstatement_;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.sql.*;
import java.util.Properties;
import java.util.Scanner;

/**
 * @Author: Joy_yang
 * @Date: 2022/10/19 16:28
 */
@SuppressWarnings({"all"})
public class PreparedStatement_ {
    public static void main(String[] args) throws IOException, SQLException, ClassNotFoundException {

        Scanner scanner = new Scanner(System.in);

        //让用户输入管理员名和密码
        System.out.print("请输入管理员的名字："); //next() 当接收到 空格 或者是 ' 就表示结束了
        String admin_name = scanner.nextLine(); // 如果希望看到SQL注入，这里需要用nextLine() 表示回车结束
        System.out.print("请输入管理员的密码：");
        String admin_pwd = scanner.nextLine();

        //获取相关的值
        Properties properties = new Properties();
        properties.load(new FileInputStream("F:\\YLF\\javastudy\\javabaseproject\\chapter25\\src\\mysql.properties"));
        String user = properties.getProperty("user");
        String password = properties.getProperty("password");
        String url = properties.getProperty("url");
        String driver = properties.getProperty("driver");
        //1.注册驱动
        Class.forName(driver);
        //2.得到连接
        Connection connection = DriverManager.getConnection(url, user, password);

        //3.执行SQL
        String sql = "select name, pwd from admin where name = ? and pwd = ? ";

        PreparedStatement preparedStatement = connection.prepareStatement(sql);
        //给?赋值
        preparedStatement.setString(1, admin_name);
        preparedStatement.setString(2, admin_pwd);

        ResultSet resultSet = preparedStatement.executeQuery();

        if (resultSet.next()) {
            System.out.println("恭喜，登录成功！");
        } else {
            System.out.println("对不起，登录失败！");
        }

        //关闭连接
        resultSet.close();
        preparedStatement.close();
        connection.close();
    }
}
